Lookup for vulnerable packages by Package URL.

Purl pkg:composer/drupal/core@8.1.4
Type composer
Namespace drupal
Name core
Version 8.1.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 8.6.16
Latest_non_vulnerable_version 11.2.8
Affected_by_vulnerabilities
0
url VCID-163u-tpj9-skc5
vulnerability_id VCID-163u-tpj9-skc5
summary Cross-site Scripting vulnerability in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2019-004
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2019-004
fixed_packages
0
url pkg:composer/drupal/core@8.6.12
purl pkg:composer/drupal/core@8.6.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5txj-xsnq-ducf
1
vulnerability VCID-795n-caf2-fbcq
2
vulnerability VCID-7qhc-n6hc-ukbu
3
vulnerability VCID-h6c2-e5qv-myg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.12
aliases GMS-2019-147
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-163u-tpj9-skc5
1
url VCID-1jfe-j1fz-juec
vulnerability_id VCID-1jfe-j1fz-juec
summary
URL Redirection to Untrusted Site ('Open Redirect')
Anonymous Open Redirect in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-54
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jfe-j1fz-juec
2
url VCID-1unn-dn56-vufe
vulnerability_id VCID-1unn-dn56-vufe
summary
File REST resource does not properly validate
The file REST resource does not properly validate some fields when manipulating files. the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
reference_id
reference_type
scores
0
value 0.00441
scoring_system epss
scoring_elements 0.6351
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6921
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
3
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
4
reference_url http://www.securityfocus.com/bid/99222
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99222
5
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
reference_id CVE-2017-6921
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6921
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
reference_id CVE-2017-6921.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6921.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
reference_id CVE-2017-6921.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6921.yaml
9
reference_url https://github.com/advisories/GHSA-h377-287m-w2r9
reference_id GHSA-h377-287m-w2r9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h377-287m-w2r9
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-s8d1-k9q4-nkds
14
vulnerability VCID-svhr-wt5d-xbbq
15
vulnerability VCID-ty8g-qrbm-cuf3
16
vulnerability VCID-unh6-xwtu-mkbt
17
vulnerability VCID-v2h1-1cfd-muft
18
vulnerability VCID-vby4-6r8z-6qgy
19
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6921, GHSA-h377-287m-w2r9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1unn-dn56-vufe
3
url VCID-2bnn-1wmq-ckdd
vulnerability_id VCID-2bnn-1wmq-ckdd
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9449
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44035
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9449
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9449.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9449.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9449
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9449
5
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
6
reference_url http://www.debian.org/security/2016/dsa-3718
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3718
7
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
8
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
9
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
fixed_packages
0
url pkg:composer/drupal/core@8.2.3
purl pkg:composer/drupal/core@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-g3u3-6dza-gkg7
13
vulnerability VCID-hz2k-at38-wbeb
14
vulnerability VCID-j1yc-pqhw-pbh1
15
vulnerability VCID-j545-f44v-w3cn
16
vulnerability VCID-j7zf-w99n-nfcf
17
vulnerability VCID-jyzy-3fjs-b3fs
18
vulnerability VCID-kd54-616n-wbcw
19
vulnerability VCID-nfzm-eyht-kkb1
20
vulnerability VCID-re2h-u5bk-wqbw
21
vulnerability VCID-s8d1-k9q4-nkds
22
vulnerability VCID-svhr-wt5d-xbbq
23
vulnerability VCID-tv1h-9yxp-ryap
24
vulnerability VCID-ty8g-qrbm-cuf3
25
vulnerability VCID-unh6-xwtu-mkbt
26
vulnerability VCID-v2h1-1cfd-muft
27
vulnerability VCID-vby4-6r8z-6qgy
28
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.3
aliases CVE-2016-9449, GHSA-p745-347h-hjfw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bnn-1wmq-ckdd
4
url VCID-4un9-k6n8-nffu
vulnerability_id VCID-4un9-k6n8-nffu
summary
Access Bypass
This is a critical access bypass vulnerability in Drupal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6919
reference_id
reference_type
scores
0
value 0.00598
scoring_system epss
scoring_elements 0.69723
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6919
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6919.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6919.yaml
4
reference_url https://groups.drupal.org/node/516645
reference_id
reference_type
scores
url https://groups.drupal.org/node/516645
5
reference_url https://www.drupal.org/SA-2017-002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-002
6
reference_url https://www.drupal.org/SA-CORE-2017-002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-002
7
reference_url http://www.securityfocus.com/bid/97941
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97941
8
reference_url http://www.securitytracker.com/id/1038371
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038371
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
reference_id CVE-2017-6919
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6919
fixed_packages
0
url pkg:composer/drupal/core@8.2.8
purl pkg:composer/drupal/core@8.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-51ze-a1zm-ukey
4
vulnerability VCID-5txj-xsnq-ducf
5
vulnerability VCID-757r-nv73-gfhg
6
vulnerability VCID-7kzf-7csh-wkds
7
vulnerability VCID-7qhc-n6hc-ukbu
8
vulnerability VCID-9ux4-434v-jbb9
9
vulnerability VCID-ejt8-umuh-g7e7
10
vulnerability VCID-fx6n-du84-yya2
11
vulnerability VCID-hz2k-at38-wbeb
12
vulnerability VCID-j1yc-pqhw-pbh1
13
vulnerability VCID-j545-f44v-w3cn
14
vulnerability VCID-j7zf-w99n-nfcf
15
vulnerability VCID-kd54-616n-wbcw
16
vulnerability VCID-nfzm-eyht-kkb1
17
vulnerability VCID-re2h-u5bk-wqbw
18
vulnerability VCID-s8d1-k9q4-nkds
19
vulnerability VCID-svhr-wt5d-xbbq
20
vulnerability VCID-ty8g-qrbm-cuf3
21
vulnerability VCID-unh6-xwtu-mkbt
22
vulnerability VCID-v2h1-1cfd-muft
23
vulnerability VCID-vby4-6r8z-6qgy
24
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.8
1
url pkg:composer/drupal/core@8.3.1
purl pkg:composer/drupal/core@8.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-51ze-a1zm-ukey
4
vulnerability VCID-5txj-xsnq-ducf
5
vulnerability VCID-757r-nv73-gfhg
6
vulnerability VCID-7qhc-n6hc-ukbu
7
vulnerability VCID-9ux4-434v-jbb9
8
vulnerability VCID-ejt8-umuh-g7e7
9
vulnerability VCID-fx6n-du84-yya2
10
vulnerability VCID-j1yc-pqhw-pbh1
11
vulnerability VCID-j545-f44v-w3cn
12
vulnerability VCID-j7zf-w99n-nfcf
13
vulnerability VCID-kd54-616n-wbcw
14
vulnerability VCID-nfzm-eyht-kkb1
15
vulnerability VCID-re2h-u5bk-wqbw
16
vulnerability VCID-s8d1-k9q4-nkds
17
vulnerability VCID-svhr-wt5d-xbbq
18
vulnerability VCID-ty8g-qrbm-cuf3
19
vulnerability VCID-unh6-xwtu-mkbt
20
vulnerability VCID-v2h1-1cfd-muft
21
vulnerability VCID-vby4-6r8z-6qgy
22
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.1
aliases CVE-2017-6919, GHSA-6hpj-9xj7-2jxx
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4un9-k6n8-nffu
5
url VCID-51ze-a1zm-ukey
vulnerability_id VCID-51ze-a1zm-ukey
summary
XSS Vulnerability
CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.
references
0
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-003
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-7qhc-n6hc-ukbu
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-nfzm-eyht-kkb1
7
vulnerability VCID-re2h-u5bk-wqbw
8
vulnerability VCID-vby4-6r8z-6qgy
9
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-795n-caf2-fbcq
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-h6c2-e5qv-myg8
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-vby4-6r8z-6qgy
11
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases SA-CORE-2018-003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51ze-a1zm-ukey
6
url VCID-5txj-xsnq-ducf
vulnerability_id VCID-5txj-xsnq-ducf
summary
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58042
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
2
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
3
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
5
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
6
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
11
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/drupal/core@8.5.15
purl pkg:composer/drupal/core@8.5.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7qhc-n6hc-ukbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.15
1
url pkg:composer/drupal/core@8.6.15
purl pkg:composer/drupal/core@8.6.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7qhc-n6hc-ukbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.15
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5txj-xsnq-ducf
7
url VCID-757r-nv73-gfhg
vulnerability_id VCID-757r-nv73-gfhg
summary
Code Injection
Injection in `DefaultMailSystem::mail()`.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-55
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-757r-nv73-gfhg
8
url VCID-7kzf-7csh-wkds
vulnerability_id VCID-7kzf-7csh-wkds
summary
Improper Privilege Management
When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6924
reference_id
reference_type
scores
0
value 0.00464
scoring_system epss
scoring_elements 0.64645
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6924
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
3
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
4
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
5
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6924
reference_id CVE-2017-6924
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6924
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml
reference_id CVE-2017-6924.YAML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6924.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml
reference_id CVE-2017-6924.YAML
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6924.yaml
9
reference_url https://github.com/advisories/GHSA-p8g6-5mg7-9r5q
reference_id GHSA-p8g6-5mg7-9r5q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p8g6-5mg7-9r5q
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7qhc-n6hc-ukbu
8
vulnerability VCID-9ux4-434v-jbb9
9
vulnerability VCID-ejt8-umuh-g7e7
10
vulnerability VCID-fx6n-du84-yya2
11
vulnerability VCID-j1yc-pqhw-pbh1
12
vulnerability VCID-j545-f44v-w3cn
13
vulnerability VCID-j7zf-w99n-nfcf
14
vulnerability VCID-kd54-616n-wbcw
15
vulnerability VCID-nfzm-eyht-kkb1
16
vulnerability VCID-re2h-u5bk-wqbw
17
vulnerability VCID-s8d1-k9q4-nkds
18
vulnerability VCID-svhr-wt5d-xbbq
19
vulnerability VCID-ty8g-qrbm-cuf3
20
vulnerability VCID-unh6-xwtu-mkbt
21
vulnerability VCID-v2h1-1cfd-muft
22
vulnerability VCID-vby4-6r8z-6qgy
23
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
1
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-svhr-wt5d-xbbq
14
vulnerability VCID-ty8g-qrbm-cuf3
15
vulnerability VCID-unh6-xwtu-mkbt
16
vulnerability VCID-v2h1-1cfd-muft
17
vulnerability VCID-vby4-6r8z-6qgy
18
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6924, GHSA-p8g6-5mg7-9r5q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kzf-7csh-wkds
9
url VCID-7qhc-n6hc-ukbu
vulnerability_id VCID-7qhc-n6hc-ukbu
summary
Moderately critical - Third-party libraries - SA-CORE-2019-007
The `PharStreamWrapper` (aka `phar-stream-wrapper`) package does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a `phar:///path/bad.phar/../good.phar` URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
reference_id
reference_type
scores
0
value 0.28615
scoring_system epss
scoring_elements 0.96614
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11831
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-11831.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-11831.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/phar-stream-wrapper/CVE-2019-11831.yaml
4
reference_url https://github.com/TYPO3/phar-stream-wrapper
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper
5
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1
6
reference_url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1
7
reference_url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUEXS4HRI4XZ2DTZMWAVQBYBTFSJ34AR/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E3NUKPG7V4QEM6QXRMHYR4ABFMW5MM2P/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z246UWBXBEKTQUDTLRJTC7XYBIO4IBE4/
32
reference_url https://seclists.org/bugtraq/2019/May/36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/36
33
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-007
34
reference_url https://typo3.org/security/advisory/typo3-psa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-psa-2019-007/
35
reference_url https://www.debian.org/security/2019/dsa-4445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4445
36
reference_url https://www.drupal.org/sa-core-2019-007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-007
37
reference_url https://www.drupal.org/SA-CORE-2019-007
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2019-007
38
reference_url https://www.synology.com/security/advisory/Synology_SA_19_22
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_22
39
reference_url http://www.securityfocus.com/bid/108302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108302
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
reference_id CVE-2019-11831
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11831
41
reference_url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
reference_id GHSA-xv7v-rf6g-xwrc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7v-rf6g-xwrc
fixed_packages
0
url pkg:composer/drupal/core@8.6.16
purl pkg:composer/drupal/core@8.6.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.16
1
url pkg:composer/drupal/core@8.7.1
purl pkg:composer/drupal/core@8.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.7.1
aliases CVE-2019-11831, GHSA-xv7v-rf6g-xwrc
risk_score 0.1
exploitability 0.5
weighted_severity 0.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qhc-n6hc-ukbu
10
url VCID-9ux4-434v-jbb9
vulnerability_id VCID-9ux4-434v-jbb9
summary
Cross-site Scripting
XSS vulnerability in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-003
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-7qhc-n6hc-ukbu
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-nfzm-eyht-kkb1
7
vulnerability VCID-re2h-u5bk-wqbw
8
vulnerability VCID-vby4-6r8z-6qgy
9
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.0-alpha1
purl pkg:composer/drupal/core@8.5.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-j545-f44v-w3cn
7
vulnerability VCID-nfzm-eyht-kkb1
8
vulnerability VCID-re2h-u5bk-wqbw
9
vulnerability VCID-vby4-6r8z-6qgy
10
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.0-alpha1
2
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-795n-caf2-fbcq
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-h6c2-e5qv-myg8
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-vby4-6r8z-6qgy
11
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases GMS-2018-51
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ux4-434v-jbb9
11
url VCID-dhzk-3ek4-2uf8
vulnerability_id VCID-dhzk-3ek4-2uf8
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9452
reference_id
reference_type
scores
0
value 0.00378
scoring_system epss
scoring_elements 0.5962
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9452
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9452.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9452.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9452
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9452
5
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
6
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
7
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
8
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
fixed_packages
0
url pkg:composer/drupal/core@8.2.3
purl pkg:composer/drupal/core@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-g3u3-6dza-gkg7
13
vulnerability VCID-hz2k-at38-wbeb
14
vulnerability VCID-j1yc-pqhw-pbh1
15
vulnerability VCID-j545-f44v-w3cn
16
vulnerability VCID-j7zf-w99n-nfcf
17
vulnerability VCID-jyzy-3fjs-b3fs
18
vulnerability VCID-kd54-616n-wbcw
19
vulnerability VCID-nfzm-eyht-kkb1
20
vulnerability VCID-re2h-u5bk-wqbw
21
vulnerability VCID-s8d1-k9q4-nkds
22
vulnerability VCID-svhr-wt5d-xbbq
23
vulnerability VCID-tv1h-9yxp-ryap
24
vulnerability VCID-ty8g-qrbm-cuf3
25
vulnerability VCID-unh6-xwtu-mkbt
26
vulnerability VCID-v2h1-1cfd-muft
27
vulnerability VCID-vby4-6r8z-6qgy
28
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.3
aliases CVE-2016-9452, GHSA-jpj8-49hr-wcwv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhzk-3ek4-2uf8
12
url VCID-ejt8-umuh-g7e7
vulnerability_id VCID-ejt8-umuh-g7e7
summary
PECL YAML parser unsafe object handling
PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This can lead to remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
reference_id
reference_type
scores
0
value 0.66148
scoring_system epss
scoring_elements 0.9854
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6920
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6920.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6920.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6920
5
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
6
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
7
reference_url http://www.securityfocus.com/bid/99211
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99211
8
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-s8d1-k9q4-nkds
14
vulnerability VCID-svhr-wt5d-xbbq
15
vulnerability VCID-ty8g-qrbm-cuf3
16
vulnerability VCID-unh6-xwtu-mkbt
17
vulnerability VCID-v2h1-1cfd-muft
18
vulnerability VCID-vby4-6r8z-6qgy
19
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6920, GHSA-9c24-g32g-35rj
risk_score 0.3
exploitability 0.5
weighted_severity 0.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejt8-umuh-g7e7
13
url VCID-fx6n-du84-yya2
vulnerability_id VCID-fx6n-du84-yya2
summary
Cross-site Scripting
A jQuery cross-site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6929
reference_id
reference_type
scores
0
value 0.00603
scoring_system epss
scoring_elements 0.69901
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6929
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6929.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6929.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6929
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6929
6
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
7
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
8
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.0
purl pkg:composer/drupal/core@8.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-ardj-zyxg-9ued
8
vulnerability VCID-fx6n-du84-yya2
9
vulnerability VCID-j545-f44v-w3cn
10
vulnerability VCID-j7zf-w99n-nfcf
11
vulnerability VCID-kd54-616n-wbcw
12
vulnerability VCID-nfzm-eyht-kkb1
13
vulnerability VCID-re2h-u5bk-wqbw
14
vulnerability VCID-svhr-wt5d-xbbq
15
vulnerability VCID-ty8g-qrbm-cuf3
16
vulnerability VCID-unh6-xwtu-mkbt
17
vulnerability VCID-v2h1-1cfd-muft
18
vulnerability VCID-vby4-6r8z-6qgy
19
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.0
1
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6929, GHSA-5vpr-v24w-mmjj
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fx6n-du84-yya2
14
url VCID-g3u3-6dza-gkg7
vulnerability_id VCID-g3u3-6dza-gkg7
summary
Remote code execution
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerable to this if you are running a version of Drupal. To be sure you aren't vulnerable, you can remove the /vendor/phpunit directory from the site root of your production deployments.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6381
reference_id
reference_type
scores
0
value 0.03314
scoring_system epss
scoring_elements 0.87473
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6381
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6381.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6381.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
reference_id CVE-2017-6381
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6381
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-hz2k-at38-wbeb
13
vulnerability VCID-j1yc-pqhw-pbh1
14
vulnerability VCID-j545-f44v-w3cn
15
vulnerability VCID-j7zf-w99n-nfcf
16
vulnerability VCID-kd54-616n-wbcw
17
vulnerability VCID-nfzm-eyht-kkb1
18
vulnerability VCID-re2h-u5bk-wqbw
19
vulnerability VCID-s8d1-k9q4-nkds
20
vulnerability VCID-svhr-wt5d-xbbq
21
vulnerability VCID-ty8g-qrbm-cuf3
22
vulnerability VCID-unh6-xwtu-mkbt
23
vulnerability VCID-v2h1-1cfd-muft
24
vulnerability VCID-vby4-6r8z-6qgy
25
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6381, GHSA-rhx9-3qf7-r3j7
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3u3-6dza-gkg7
15
url VCID-hz2k-at38-wbeb
vulnerability_id VCID-hz2k-at38-wbeb
summary
Missing Authorization
When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6923
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.7192
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6923
1
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
2
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
3
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
4
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6923
reference_id CVE-2017-6923
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6923
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml
reference_id CVE-2017-6923.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6923.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml
reference_id CVE-2017-6923.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6923.yaml
8
reference_url https://github.com/advisories/GHSA-v3f6-f29f-rgvp
reference_id GHSA-v3f6-f29f-rgvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v3f6-f29f-rgvp
fixed_packages
0
url pkg:composer/drupal/core@8.3.0
purl pkg:composer/drupal/core@8.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7qhc-n6hc-ukbu
8
vulnerability VCID-9ux4-434v-jbb9
9
vulnerability VCID-ejt8-umuh-g7e7
10
vulnerability VCID-fx6n-du84-yya2
11
vulnerability VCID-j1yc-pqhw-pbh1
12
vulnerability VCID-j545-f44v-w3cn
13
vulnerability VCID-j7zf-w99n-nfcf
14
vulnerability VCID-kd54-616n-wbcw
15
vulnerability VCID-nfzm-eyht-kkb1
16
vulnerability VCID-re2h-u5bk-wqbw
17
vulnerability VCID-s8d1-k9q4-nkds
18
vulnerability VCID-svhr-wt5d-xbbq
19
vulnerability VCID-ty8g-qrbm-cuf3
20
vulnerability VCID-unh6-xwtu-mkbt
21
vulnerability VCID-v2h1-1cfd-muft
22
vulnerability VCID-vby4-6r8z-6qgy
23
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.0
1
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-svhr-wt5d-xbbq
14
vulnerability VCID-ty8g-qrbm-cuf3
15
vulnerability VCID-unh6-xwtu-mkbt
16
vulnerability VCID-v2h1-1cfd-muft
17
vulnerability VCID-vby4-6r8z-6qgy
18
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6923, GHSA-v3f6-f29f-rgvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz2k-at38-wbeb
16
url VCID-j1yc-pqhw-pbh1
vulnerability_id VCID-j1yc-pqhw-pbh1
summary
Files uploaded by anonymous users accessed by other users
Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core does not provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
reference_id
reference_type
scores
0
value 0.01704
scoring_system epss
scoring_elements 0.82619
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6922
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.debian.org/security/2017/dsa-3897
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-3897
3
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-06-21/drupal-core-multiple
4
reference_url https://www.drupal.org/SA-CORE-2017-003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-003
5
reference_url http://www.securityfocus.com/bid/99219
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99219
6
reference_url http://www.securitytracker.com/id/1038781
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038781
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
reference_id CVE-2017-6922
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6922
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
reference_id CVE-2017-6922.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6922.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
reference_id CVE-2017-6922.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6922.yaml
10
reference_url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
reference_id GHSA-58f3-cx8p-h8jg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-58f3-cx8p-h8jg
fixed_packages
0
url pkg:composer/drupal/core@8.3.4
purl pkg:composer/drupal/core@8.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-s8d1-k9q4-nkds
14
vulnerability VCID-svhr-wt5d-xbbq
15
vulnerability VCID-ty8g-qrbm-cuf3
16
vulnerability VCID-unh6-xwtu-mkbt
17
vulnerability VCID-v2h1-1cfd-muft
18
vulnerability VCID-vby4-6r8z-6qgy
19
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.4
aliases CVE-2017-6922, GHSA-58f3-cx8p-h8jg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1yc-pqhw-pbh1
17
url VCID-j545-f44v-w3cn
vulnerability_id VCID-j545-f44v-w3cn
summary
Improper Input Validation
A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted `phar://` URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
reference_id
reference_type
scores
0
value 0.76091
scoring_system epss
scoring_elements 0.98943
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6339
1
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00004.html
2
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
3
reference_url https://www.drupal.org/sa-core-2019-002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-002
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
reference_id CVE-2019-6339
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6339
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
reference_id CVE-2019-6339.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-6339.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
reference_id CVE-2019-6339.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6339.yaml
7
reference_url https://github.com/advisories/GHSA-8cw5-rv98-5c46
reference_id GHSA-8cw5-rv98-5c46
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cw5-rv98-5c46
fixed_packages
0
url pkg:composer/drupal/core@8.5.9
purl pkg:composer/drupal/core@8.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.9
1
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6339, GHSA-8cw5-rv98-5c46
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j545-f44v-w3cn
18
url VCID-j7zf-w99n-nfcf
vulnerability_id VCID-j7zf-w99n-nfcf
summary
Comment reply form allows access to restricted content
Users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the attacker must have permission to post comments.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6926
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58818
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6926
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6926.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6926.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6926
6
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
7
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6926, GHSA-2p28-5mvp-2j2r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7zf-w99n-nfcf
19
url VCID-jyzy-3fjs-b3fs
vulnerability_id VCID-jyzy-3fjs-b3fs
summary
Access Bypass
When adding a private file via the editor in Drupal, the editor will not correctly check access for the file being attached, resulting in an access bypass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6377
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52453
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6377
1
reference_url https://github.com/drupal/drupal
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/drupal
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6377.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6377.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6377.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6377.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
reference_id CVE-2017-6377
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6377
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-hz2k-at38-wbeb
13
vulnerability VCID-j1yc-pqhw-pbh1
14
vulnerability VCID-j545-f44v-w3cn
15
vulnerability VCID-j7zf-w99n-nfcf
16
vulnerability VCID-kd54-616n-wbcw
17
vulnerability VCID-nfzm-eyht-kkb1
18
vulnerability VCID-re2h-u5bk-wqbw
19
vulnerability VCID-s8d1-k9q4-nkds
20
vulnerability VCID-svhr-wt5d-xbbq
21
vulnerability VCID-ty8g-qrbm-cuf3
22
vulnerability VCID-unh6-xwtu-mkbt
23
vulnerability VCID-v2h1-1cfd-muft
24
vulnerability VCID-vby4-6r8z-6qgy
25
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6377, GHSA-w7qx-vwr9-2j3r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyzy-3fjs-b3fs
20
url VCID-kd54-616n-wbcw
vulnerability_id VCID-kd54-616n-wbcw
summary
Language fallback can be incorrect on multilingual sites with node access restrictions
When using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node. This can result in an access bypass vulnerability. This issue is mitigated by the fact that it only applies to sites that a) use the Content Translation module; and b) use a node access module such as Domain Access which implements hook_node_access_records(). Note that the update will mark the node access tables as needing a rebuild, which will take a long time on sites with a large number of nodes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
reference_id
reference_type
scores
0
value 0.00424
scoring_system epss
scoring_elements 0.62467
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6930
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6930.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6930.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6930
5
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
6
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
7
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6930
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6930, GHSA-3327-jr93-7hq3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kd54-616n-wbcw
21
url VCID-nfzm-eyht-kkb1
vulnerability_id VCID-nfzm-eyht-kkb1
summary Improper Access Control in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfzm-eyht-kkb1
22
url VCID-nszv-9z68-bqeu
vulnerability_id VCID-nszv-9z68-bqeu
summary
Unprivileged access to "Administer comments"
Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7570
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57318
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7570
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7570.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7570.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7570
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7570
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
fixed_packages
0
url pkg:composer/drupal/core@8.1.10
purl pkg:composer/drupal/core@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-2bnn-1wmq-ckdd
4
vulnerability VCID-4un9-k6n8-nffu
5
vulnerability VCID-51ze-a1zm-ukey
6
vulnerability VCID-5txj-xsnq-ducf
7
vulnerability VCID-757r-nv73-gfhg
8
vulnerability VCID-7kzf-7csh-wkds
9
vulnerability VCID-7qhc-n6hc-ukbu
10
vulnerability VCID-9ux4-434v-jbb9
11
vulnerability VCID-dhzk-3ek4-2uf8
12
vulnerability VCID-ejt8-umuh-g7e7
13
vulnerability VCID-fx6n-du84-yya2
14
vulnerability VCID-g3u3-6dza-gkg7
15
vulnerability VCID-hz2k-at38-wbeb
16
vulnerability VCID-j1yc-pqhw-pbh1
17
vulnerability VCID-j545-f44v-w3cn
18
vulnerability VCID-j7zf-w99n-nfcf
19
vulnerability VCID-jyzy-3fjs-b3fs
20
vulnerability VCID-kd54-616n-wbcw
21
vulnerability VCID-nfzm-eyht-kkb1
22
vulnerability VCID-re2h-u5bk-wqbw
23
vulnerability VCID-s8d1-k9q4-nkds
24
vulnerability VCID-svhr-wt5d-xbbq
25
vulnerability VCID-ta2u-bd9e-nfc7
26
vulnerability VCID-tv1h-9yxp-ryap
27
vulnerability VCID-ty8g-qrbm-cuf3
28
vulnerability VCID-unh6-xwtu-mkbt
29
vulnerability VCID-v2h1-1cfd-muft
30
vulnerability VCID-vby4-6r8z-6qgy
31
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.10
aliases CVE-2016-7570, GHSA-6g9h-6v79-w4pc
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nszv-9z68-bqeu
23
url VCID-pbqh-x6zw-duhn
vulnerability_id VCID-pbqh-x6zw-duhn
summary
Cross-site Scripting in HTTP exceptions
An attacker can create a specially crafted URL, which can execute arbitrary code in the victim’s browser if loaded. Drupal is not properly sanitizing an exception.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7571
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60342
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7571
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7571.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7571.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7571
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7571
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
fixed_packages
0
url pkg:composer/drupal/core@8.1.10
purl pkg:composer/drupal/core@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-2bnn-1wmq-ckdd
4
vulnerability VCID-4un9-k6n8-nffu
5
vulnerability VCID-51ze-a1zm-ukey
6
vulnerability VCID-5txj-xsnq-ducf
7
vulnerability VCID-757r-nv73-gfhg
8
vulnerability VCID-7kzf-7csh-wkds
9
vulnerability VCID-7qhc-n6hc-ukbu
10
vulnerability VCID-9ux4-434v-jbb9
11
vulnerability VCID-dhzk-3ek4-2uf8
12
vulnerability VCID-ejt8-umuh-g7e7
13
vulnerability VCID-fx6n-du84-yya2
14
vulnerability VCID-g3u3-6dza-gkg7
15
vulnerability VCID-hz2k-at38-wbeb
16
vulnerability VCID-j1yc-pqhw-pbh1
17
vulnerability VCID-j545-f44v-w3cn
18
vulnerability VCID-j7zf-w99n-nfcf
19
vulnerability VCID-jyzy-3fjs-b3fs
20
vulnerability VCID-kd54-616n-wbcw
21
vulnerability VCID-nfzm-eyht-kkb1
22
vulnerability VCID-re2h-u5bk-wqbw
23
vulnerability VCID-s8d1-k9q4-nkds
24
vulnerability VCID-svhr-wt5d-xbbq
25
vulnerability VCID-ta2u-bd9e-nfc7
26
vulnerability VCID-tv1h-9yxp-ryap
27
vulnerability VCID-ty8g-qrbm-cuf3
28
vulnerability VCID-unh6-xwtu-mkbt
29
vulnerability VCID-v2h1-1cfd-muft
30
vulnerability VCID-vby4-6r8z-6qgy
31
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.10
aliases CVE-2016-7571, GHSA-vhg8-x858-7wq6
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqh-x6zw-duhn
24
url VCID-re2h-u5bk-wqbw
vulnerability_id VCID-re2h-u5bk-wqbw
summary
URL Redirection to Untrusted Site ('Open Redirect')
External URL injection through URL aliases in drupal.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-53
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-re2h-u5bk-wqbw
25
url VCID-s8d1-k9q4-nkds
vulnerability_id VCID-s8d1-k9q4-nkds
summary
Entity Access Bypass
In versions of Drupal 8 core ; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6925
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70267
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6925
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6925.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6925.yaml
4
reference_url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2017-08-16/drupal-core-multiple
5
reference_url https://www.drupal.org/SA-CORE-2017-004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2017-004
6
reference_url http://www.securityfocus.com/bid/100368
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/100368
7
reference_url http://www.securitytracker.com/id/1039200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1039200
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6925
reference_id CVE-2017-6925
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6925
fixed_packages
0
url pkg:composer/drupal/core@8.3.7
purl pkg:composer/drupal/core@8.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-fx6n-du84-yya2
8
vulnerability VCID-j545-f44v-w3cn
9
vulnerability VCID-j7zf-w99n-nfcf
10
vulnerability VCID-kd54-616n-wbcw
11
vulnerability VCID-nfzm-eyht-kkb1
12
vulnerability VCID-re2h-u5bk-wqbw
13
vulnerability VCID-svhr-wt5d-xbbq
14
vulnerability VCID-ty8g-qrbm-cuf3
15
vulnerability VCID-unh6-xwtu-mkbt
16
vulnerability VCID-v2h1-1cfd-muft
17
vulnerability VCID-vby4-6r8z-6qgy
18
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.3.7
aliases CVE-2017-6925, GHSA-f4qx-jqfq-7785
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8d1-k9q4-nkds
26
url VCID-svhr-wt5d-xbbq
vulnerability_id VCID-svhr-wt5d-xbbq
summary
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9861
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.59074
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9861
1
reference_url https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml
4
reference_url https://www.drupal.org/sa-core-2018-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-003
5
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
6
reference_url http://www.securityfocus.com/bid/103924
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103924
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
reference_id CVE-2018-9861
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-9861
8
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
9
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:composer/drupal/core@8.4.7
purl pkg:composer/drupal/core@8.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-7qhc-n6hc-ukbu
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-nfzm-eyht-kkb1
7
vulnerability VCID-re2h-u5bk-wqbw
8
vulnerability VCID-vby4-6r8z-6qgy
9
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.7
1
url pkg:composer/drupal/core@8.5.2
purl pkg:composer/drupal/core@8.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-5txj-xsnq-ducf
3
vulnerability VCID-757r-nv73-gfhg
4
vulnerability VCID-795n-caf2-fbcq
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-h6c2-e5qv-myg8
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-vby4-6r8z-6qgy
11
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2
aliases CVE-2018-9861, GHSA-g78h-pf65-46rv
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svhr-wt5d-xbbq
27
url VCID-ta2u-bd9e-nfc7
vulnerability_id VCID-ta2u-bd9e-nfc7
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9450
reference_id
reference_type
scores
0
value 0.00227
scoring_system epss
scoring_elements 0.45494
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9450
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-9450.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-9450.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-9450
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-9450
5
reference_url https://www.drupal.org/SA-CORE-2016-005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-005
6
reference_url http://www.securityfocus.com/bid/94367
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/94367
7
reference_url https://security.archlinux.org/ASA-201611-20
reference_id ASA-201611-20
reference_type
scores
url https://security.archlinux.org/ASA-201611-20
8
reference_url https://security.archlinux.org/AVG-74
reference_id AVG-74
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-74
fixed_packages
0
url pkg:composer/drupal/core@8.2.3
purl pkg:composer/drupal/core@8.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-g3u3-6dza-gkg7
13
vulnerability VCID-hz2k-at38-wbeb
14
vulnerability VCID-j1yc-pqhw-pbh1
15
vulnerability VCID-j545-f44v-w3cn
16
vulnerability VCID-j7zf-w99n-nfcf
17
vulnerability VCID-jyzy-3fjs-b3fs
18
vulnerability VCID-kd54-616n-wbcw
19
vulnerability VCID-nfzm-eyht-kkb1
20
vulnerability VCID-re2h-u5bk-wqbw
21
vulnerability VCID-s8d1-k9q4-nkds
22
vulnerability VCID-svhr-wt5d-xbbq
23
vulnerability VCID-tv1h-9yxp-ryap
24
vulnerability VCID-ty8g-qrbm-cuf3
25
vulnerability VCID-unh6-xwtu-mkbt
26
vulnerability VCID-v2h1-1cfd-muft
27
vulnerability VCID-vby4-6r8z-6qgy
28
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.3
aliases CVE-2016-9450, GHSA-98w5-wqp9-w466
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta2u-bd9e-nfc7
28
url VCID-tv1h-9yxp-ryap
vulnerability_id VCID-tv1h-9yxp-ryap
summary
Cross Site Request Forgery
Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6379
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40758
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6379
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6379.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6379.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6379.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6379.yaml
4
reference_url https://www.drupal.org/SA-2017-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-2017-001
5
reference_url http://www.securityfocus.com/bid/96919
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96919
6
reference_url http://www.securitytracker.com/id/1038058
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038058
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
reference_id CVE-2017-6379
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6379
fixed_packages
0
url pkg:composer/drupal/core@8.2.7
purl pkg:composer/drupal/core@8.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-4un9-k6n8-nffu
4
vulnerability VCID-51ze-a1zm-ukey
5
vulnerability VCID-5txj-xsnq-ducf
6
vulnerability VCID-757r-nv73-gfhg
7
vulnerability VCID-7kzf-7csh-wkds
8
vulnerability VCID-7qhc-n6hc-ukbu
9
vulnerability VCID-9ux4-434v-jbb9
10
vulnerability VCID-ejt8-umuh-g7e7
11
vulnerability VCID-fx6n-du84-yya2
12
vulnerability VCID-hz2k-at38-wbeb
13
vulnerability VCID-j1yc-pqhw-pbh1
14
vulnerability VCID-j545-f44v-w3cn
15
vulnerability VCID-j7zf-w99n-nfcf
16
vulnerability VCID-kd54-616n-wbcw
17
vulnerability VCID-nfzm-eyht-kkb1
18
vulnerability VCID-re2h-u5bk-wqbw
19
vulnerability VCID-s8d1-k9q4-nkds
20
vulnerability VCID-svhr-wt5d-xbbq
21
vulnerability VCID-ty8g-qrbm-cuf3
22
vulnerability VCID-unh6-xwtu-mkbt
23
vulnerability VCID-v2h1-1cfd-muft
24
vulnerability VCID-vby4-6r8z-6qgy
25
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.2.7
aliases CVE-2017-6379, GHSA-gxxq-fhc7-3jv9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv1h-9yxp-ryap
29
url VCID-ty8g-qrbm-cuf3
vulnerability_id VCID-ty8g-qrbm-cuf3
summary
Settings Tray access bypass
In Drupal, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6931
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39256
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6931
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6931
2
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6931.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6931.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6931.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6931.yaml
5
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
6
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6931
reference_id CVE-2017-6931
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6931
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6931, GHSA-7ffh-cjvg-fpr4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ty8g-qrbm-cuf3
30
url VCID-unh6-xwtu-mkbt
vulnerability_id VCID-unh6-xwtu-mkbt
summary
URL Redirection to Untrusted Site (Open Redirect)
Drupal core has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6932
reference_id
reference_type
scores
0
value 0.00383
scoring_system epss
scoring_elements 0.59882
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6932
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6932
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6932
6
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
7
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
8
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6932, GHSA-wm86-w3cf-h6vm
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unh6-xwtu-mkbt
31
url VCID-v2h1-1cfd-muft
vulnerability_id VCID-v2h1-1cfd-muft
summary
JavaScript cross-site scripting prevention is incomplete
Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output is not auto-escaped by either Drupal 7 or Drupal 8). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
reference_id
reference_type
scores
0
value 0.0139
scoring_system epss
scoring_elements 0.80667
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6927
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6927.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6927.yaml
4
reference_url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-6927
6
reference_url https://www.debian.org/security/2018/dsa-4123
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4123
7
reference_url https://www.drupal.org/sa-core-2018-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2018-001
8
reference_url https://www.drupal.org/SA-CORE-2018-001
reference_id
reference_type
scores
url https://www.drupal.org/SA-CORE-2018-001
9
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6927
10
reference_url http://www.securityfocus.com/bid/103138
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103138
fixed_packages
0
url pkg:composer/drupal/core@8.4.5
purl pkg:composer/drupal/core@8.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-51ze-a1zm-ukey
3
vulnerability VCID-5txj-xsnq-ducf
4
vulnerability VCID-757r-nv73-gfhg
5
vulnerability VCID-7qhc-n6hc-ukbu
6
vulnerability VCID-9ux4-434v-jbb9
7
vulnerability VCID-j545-f44v-w3cn
8
vulnerability VCID-nfzm-eyht-kkb1
9
vulnerability VCID-re2h-u5bk-wqbw
10
vulnerability VCID-svhr-wt5d-xbbq
11
vulnerability VCID-vby4-6r8z-6qgy
12
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.4.5
aliases CVE-2017-6927, GHSA-585j-5449-mf5m
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2h1-1cfd-muft
32
url VCID-vby4-6r8z-6qgy
vulnerability_id VCID-vby4-6r8z-6qgy
summary
Improper Access Control
In some conditions, content moderation fails to check a user's access to use certain transitions, leading to an access bypass.
references
0
reference_url https://www.drupal.org/sa-core-2018-006
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2018-006
fixed_packages
0
url pkg:composer/drupal/core@8.6.2
purl pkg:composer/drupal/core@8.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
5
vulnerability VCID-j545-f44v-w3cn
6
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.2
aliases GMS-2018-56
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vby4-6r8z-6qgy
33
url VCID-w9xe-83yw-mbhy
vulnerability_id VCID-w9xe-83yw-mbhy
summary
Unprivileged access to config export
The `system.temporary` route allows the download of a full config export. The full config export should be limited to those with "Export configuration" permission.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7572
reference_id
reference_type
scores
0
value 0.00252
scoring_system epss
scoring_elements 0.48735
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7572
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-7572.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-7572.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7572
5
reference_url https://www.drupal.org/SA-CORE-2016-004
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2016-004
6
reference_url http://www.securityfocus.com/bid/93101
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/93101
7
reference_url http://www.securitytracker.com/id/1036886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1036886
fixed_packages
0
url pkg:composer/drupal/core@8.1.10
purl pkg:composer/drupal/core@8.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-1jfe-j1fz-juec
2
vulnerability VCID-1unn-dn56-vufe
3
vulnerability VCID-2bnn-1wmq-ckdd
4
vulnerability VCID-4un9-k6n8-nffu
5
vulnerability VCID-51ze-a1zm-ukey
6
vulnerability VCID-5txj-xsnq-ducf
7
vulnerability VCID-757r-nv73-gfhg
8
vulnerability VCID-7kzf-7csh-wkds
9
vulnerability VCID-7qhc-n6hc-ukbu
10
vulnerability VCID-9ux4-434v-jbb9
11
vulnerability VCID-dhzk-3ek4-2uf8
12
vulnerability VCID-ejt8-umuh-g7e7
13
vulnerability VCID-fx6n-du84-yya2
14
vulnerability VCID-g3u3-6dza-gkg7
15
vulnerability VCID-hz2k-at38-wbeb
16
vulnerability VCID-j1yc-pqhw-pbh1
17
vulnerability VCID-j545-f44v-w3cn
18
vulnerability VCID-j7zf-w99n-nfcf
19
vulnerability VCID-jyzy-3fjs-b3fs
20
vulnerability VCID-kd54-616n-wbcw
21
vulnerability VCID-nfzm-eyht-kkb1
22
vulnerability VCID-re2h-u5bk-wqbw
23
vulnerability VCID-s8d1-k9q4-nkds
24
vulnerability VCID-svhr-wt5d-xbbq
25
vulnerability VCID-ta2u-bd9e-nfc7
26
vulnerability VCID-tv1h-9yxp-ryap
27
vulnerability VCID-ty8g-qrbm-cuf3
28
vulnerability VCID-unh6-xwtu-mkbt
29
vulnerability VCID-v2h1-1cfd-muft
30
vulnerability VCID-vby4-6r8z-6qgy
31
vulnerability VCID-yy7m-f66v-fbhz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.10
aliases CVE-2016-7572, GHSA-fmqh-2j2x-vgp3
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9xe-83yw-mbhy
34
url VCID-yy7m-f66v-fbhz
vulnerability_id VCID-yy7m-f66v-fbhz
summary
Deserialization of Untrusted Data
Drupal core uses the third-party PEAR `Archive_Tar` library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
reference_id
reference_type
scores
0
value 0.01047
scoring_system epss
scoring_elements 0.77808
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-6338
1
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/02/msg00032.html
2
reference_url https://www.debian.org/security/2019/dsa-4370
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4370
3
reference_url https://www.drupal.org/sa-core-2019-001
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-001
4
reference_url http://www.securityfocus.com/bid/106706
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106706
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
reference_id CVE-2019-6338
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-6338
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
reference_id CVE-2019-6338.YAML
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-6338.yaml
7
reference_url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
reference_id GHSA-6rmq-x2hv-vxpp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6rmq-x2hv-vxpp
fixed_packages
0
url pkg:composer/drupal/core@8.6.6
purl pkg:composer/drupal/core@8.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-163u-tpj9-skc5
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-795n-caf2-fbcq
3
vulnerability VCID-7qhc-n6hc-ukbu
4
vulnerability VCID-h6c2-e5qv-myg8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.6.6
aliases CVE-2019-6338, GHSA-6rmq-x2hv-vxpp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy7m-f66v-fbhz
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.1.4